2023 Data Breaches
V2verify Is The Key To Preventing Data Breaches
V2verify is the answer for preventing data breaches like these, but until they are no longer an issue, we want to provide you with tools and information to minimize your risk and exposure.
Is You're Information Is On the Dark Web
Check Have I Been Pawned to see if your personal information
has been breached.
What to Do If Your Data Is Breached
Major database breaches are a regular occurrence, meaning it’s not a matter of if you’ll get hit, but when. The good news is that being proactive when this happens can help prevent the headaches that come from the breach.
March 2023
March 09
AT&T
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
"Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan," AT&T told BleepingComputer.
March 08
DC Health Link
A top House official said that a “significant data breach” at the health insurance marketplace for Washington, D.C., on Tuesday potentially exposed personal identifiable information of hundreds of lawmakers and staff.
The data breach has also affected Senate offices, according to an email sent to Senate offices Wednesday afternoon that said the Senate Sergeant at Arms was informed by law enforcement about a data breach.
The notice said that the “data included the full names, date of enrollment, relationship (self, spouse, child), and email address, but no other Personally Identifiable Information (PII).”
March 07
ACER
Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians.
The confirmation of a data breach comes after a threat actor began selling on a popular hacking forum what they claim is 160GB of data stolen from Acer in mid-February 2023.
March 06
Flutterwave
Last month, Flutterwave, Africa’s largest startup by private valuation, was involved in a hack that resulted in more than ₦2.9 billion (~$4.2 million) missing from its accounts, according to local tech publication Techpoint Africa.
According to the documents seen by the publication and reviewed by TechCrunch, unknown actors transferred the funds across 28 accounts in 63 transactions in early February. Police investigations are ongoing as Flutterwave, via legal counsel and law enforcement parties, has filed a motion and seeks to freeze accounts across 27 financial institutions that interacted with the missing funds, Techpoint Africa reported.
March 05
Rio Tinto
Mining giant Rio Tinto has been caught up in a concerning technology breach that has exposed the private communications of some of its employees.
March 04
Tennessee State University & Southeastern Louisiana
a public historically black land-grant university in Nashville — notified its more than 8,000 students on Wednesday that its IT systems were brought down by a ransomware attack.
March 04
Chick-Fil-A
On Friday morning, Chick-Fil-A released a statement about a data breach on their mobile app.
In their statement, the restaurant said the data breach concerned the personal information of app users. The company also provided details about the breach, measures that were taken as a response, and a list of resources to help customers.
After the investigation, Chick-fil-A learned that a cyber attack had been launched on their website and app between December 2022 and February of this year. The attack was launched using email addresses and passwords from a third-party source.
March 02
The Sandbox
Blockchain-based game The Sandbox said a phishing email has been sent to some users as a result of a security breach.
An unauthorized third party gained access to an employee's computer and used it to email users, The Sandbox said in a blog post Thursday. The email, entitled "The Sandbox Game (PURELAND) Access," included links to malware that could be used to gain access to the personal information of those who click on them. The firm didn't indicate how many people had received the email.
March 02
WH Smith
High Street retailer WH Smith has been hit by a cyber-attack, with hackers accessing some of its workers' data.
Data that may have been breached includes names, addresses, National Insurance numbers and dates of birth of the firm's current and former UK staff.
March 02
GunAuction.com
Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned.
The breach exposed reams of sensitive personal data for more than 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords and telephone numbers. Also, the stolen data allegedly makes it possible to link a particular person with the sale or purchase of a specific weapon.
March 02
Hatch Bank
Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform.
As reported by TechCrunch, data breach notifications sent to impacted customers and filed with Attorney General's offices warned that hackers exploited a vulnerability in the GoAnywhere MFT software to steal the data of 139,493 customers.
March 01
Crystal Bay Casino
Crystal Bay Casino filed notice of a data breach with the attorney general offices in Maine, Montana and Massachusetts after learning that an unauthorized party accessed files on the company’s computer network containing confidential consumer information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers and driver’s license numbers.
February 2023
February 27
Middlebury College
Middlebury College is issuing a warning to people who recently purchased tickets to college events online during the month of February that their personal information may have been stolen.
The college said the issue involves a third-party vendor for campus event ticketing, AudienceView, which reported last week that it was recently impacted by a payment card data security breach.
February 27
Middlebury College
Middlebury College is issuing a warning to people who recently purchased tickets to college events online during the month of February that their personal information may have been stolen.
The college said the issue involves a third-party vendor for campus event ticketing, AudienceView, which reported last week that it was recently impacted by a payment card data security breach.
February 27
U.S. Marshals Service
The U.S. Marshals Service reported a cyber intrusion that put potentially sensitive law enforcement information at risk, the agency acknowledged Monday.
Agency spokesman Drew Wade said the ransomware incident targeting a "stand-alone" system was discovered Feb. 17, prompting officials to "disconnect" its operation while launching an investigation into what authorities described as a "major incident."
"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," Wade said.
February 27
News Corp
Media giant News Corp has disclosed new details about a data breach discovered last year and attributed to a state-sponsored threat actor.
Employees of News Corp are being sent breach notification letters this week following a January 2022 breach that the company believes the Chinese government was behind.
On Wednesday, News Corp submitted documents to Massachusetts confirming the breach. A News Corp spokesperson would not tell The Record how many people were sent letters but at least one person in Massachusetts was sent a copy.
February 27
Stanford University
Stanford University has announced unauthorized access to Economics Ph.D. program admission files was obtained through a misconfiguration in the file folder's settings, said Stanford University, which noted that breach notifications have already been sent to 897 individuals affected by the incident.
February 24
Rancho Mesquite Casino
Popular Australian electronics retailer The Good Guys has revealed some of its customers' personal A hacker was able to access the sensitive information involving Rancho Mesquite Casino over several days in November 2022, documents said. Information accessed included full names and Social Security numbers.
February 24
Regional One Health
Regional One Health, a Tennessee-based non-profit health system that owns and operates an acute care hospital, a long-term care hospital, physician practices and other health related entities, notified it had detected a data breach occurred at the end of 2022.
Specifically, Reventics, a revenue cycle management company and a business associate of Regional One Health, detected a cyber-intruder who accessed the company’s servers in December 2022. Upon learning of the breach, Reventics hired an international cybersecurity and forensic consulting firm to determine the extent of the incident. The firm confirmed the intruder accessed and exfiltrated certain personally identifiable information and protected health information protected under HIPAA and state privacy laws.
February 24
Reventics
Memphis, Tennessee-based Regional One Health posted a notice on its website informing patients of the breach – Reventics is a third-party business associate of the Tennessee health system.
The incident potentially exposed patient names, addresses, medical record and patient account numbers, Social Security numbers, dates of birth, driver’s license numbers, health plan names and IDs, financial information, and clinical data.
February 24
Indigo Books & Music Inc.
A ransomware attack compromised the data of current and former employees at Canada’s biggest bookstore chain, Indigo Books & Music Inc. says.
In a statement on its website, Indigo said the breach on Feb. 8 left no indication that customers’ personal information, such as credit card numbers, had been accessed, but that “some employee data was.”
February 24
Stanford University
Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
Last week, the university sent data breach notification letters to 897 individuals who submitted personal and health information as part of the graduate application to its Department of Economics, informing them that their info was accessed without authorization.
February 23
The Good Guys
Popular Australian electronics retailer The Good Guys has revealed some of its customers' personal data has been stolen in a cyberattack on a third-party supplier.
The IT systems belonging to Pegasus Group Australia Pty Ltd, a company which previously ran The Good Guys' reward service for "Concierge" members, has been hacked, The Good Guys has announced.
The supplier held contact details of Concierge members, including names, addresses, phone numbers and email addresses, as well as encrypted passwords and dates of birth of some members.
February 23
Tallahassee Memorial HealthCare
Tallahassee Memorial HealthCare (TMH) has restored its computer systems and returned to standard operations across its network, the health system announced.
As previously reported, TMH began responding to an IT security issue in early February by taking its IT systems offline as a precaution. TMH diverted some EMS patients and rescheduled all non-emergency surgical and outpatient procedures as it continued to deal with the incident.
In its most recent update, TMH said it has transitioned back to electronic medical records rather than paper documentation and is no longer diverting EMS patients. TMH has also begun scheduling non-emergency surgeries and outpatient procedures.
February 22
Long Beach Unified School District
A database containing the names, emails and student identification numbers of over 130,000 Long Beach Unified School District students was recently breached. The leak, which officials said they learned about Tuesday evening, appears to have been uploaded to the dark web for hackers to take advantage of.
Experts and the school district, however, say that the risk to those affected is relatively low, as the leak did not contain any sensitive information like addresses, birthdates, Social Security numbers or grades.
February 22
Indigo Books and Music
Two weeks after suffering a cyber attack, Indigo Books and Music has acknowledged it was hit by ransomware and employee data was compromised.
“On February 8, 2023, Indigo experienced a ransomware attack,” the company says in an updated FAQ on its website. “Through our investigation we learned there is no reason to believe customer data has been improperly accessed, but that some employee data was.”
“We are notifying all affected employees,” the site says. “We have also notified and are co-operating with law enforcement.
February 20
RailYatri
RailYatri, a popular Indian train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users/travelers. The breach is believed to have occurred in late December 2022, with the database of sensitive information now being leaked online. The compromised data includes email addresses, full names, genders, phone numbers, and locations, which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.
February 20
Activision
Activision allegedly suffered a major data breach back in December, and images that apparently surfaced from the incident have revealed big plans for the rest of the Modern Warfare 2 game cycle, along with some dates that could be linked to the rumored 2023 title.
February 17
Paul Smith’s College
Paul Smith’s College filed notice of a data breach with the Maine Attorney General after learning that an unauthorized party gained access to its computer systems where they were able to access confidential information belonging to certain students and employees. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers.
February 17
Wentworth Health Partners Garrison Women’s Health (GWH)
Wentworth Health Partners Garrison Women’s Health (GWH) informed patients that a third-party data breach impacted its IT infrastructure in December 2022, making some patient information inaccessible and unrecoverable.
The breach began when one of GWH’s third-party technology service providers, Global Network Systems, suffered a network outage on December 12. Global manages the IT infrastructure and applications for GWH, including hosting its electronic medical records system.
Further investigation determined that some GWH data may have been accessed by an unauthorized party between April 29 and December 12. The incident “rendered the information inaccessible and for which there was not a backup available,” a notice to patients explained.
February 17
MySejahtera
A “Super Admin” account under the MyVAS system, which is used at vaccination centers to record and issue Covid-19 vax certs, downloaded the personal information of three million vaccine recipients from the MySejahtera app, according to the AG Report.
February 16
Scandinavian Airlines (SAS)
Scandinavian Airlines (SAS) has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data. The cyberattack caused some form of a malfunction on the airline's online system, causing passenger data to become visible to other passengers. This data includes contact details, previous and upcoming flights, as well the last four digits of the credit card number.
February 16
Community Health Systems
Franklin, Tenn.-based Community Health Systems is notifying patients that some of their confidential information was compromised when its cybersecurity firm Fortra experienced a data breach. The health system launched an investigation to determine if any of its information systems were affected, if there was any impact to operations and to what extent the patient data had been accessed, according to the filing.
February 15
Meriplex Communications
Meriplex Communications filed notice of a data breach with several state attorney general offices after discovering that confidential consumer data stored on the company’s computer network was subject to unauthorized access. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers.
February 13
Meriplex Communications
Meriplex Communications filed notice of a data breach with several state attorney general offices after discovering that confidential consumer data stored on the company’s computer network was subject to unauthorized access. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers.
February 13
Pepsi
Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems.
February 12
Slack
Indian social media app, Slick, has exposed an internal database containing users’ personal information on the internet. The data breach also impacted children. According to a TechCrunch report, since December 11, a database containing user information, including date of birth, mobile number and profile pictures, surfaced online without security.
February 12
HSE
During an appearance at the Oireachtas Public Accounts Committee (PAC) on Thursday, the HSE confirmed that just 220 people have requested further information about data that was leaked about them. Fran Thompson, Chief Information Officer of the HSE, confirmed that the HSE has sent 32,000 letters to those affected to date. Some 113,000 are due to receive letters, with the remainder to be sent by April
February 12
Technion
The Technion, which is the Technology Institute of Israel, confirms it has been the victim of a ransomware attack by threat actors demanding 80 BTC ransom to unlock the data.
February 12
MTU
Students and staff were notified by Munster Technological University (MTU) earlier this evening that its data had been copied and shared on the dark web. The college has not yet described what type of data has been shared.
February 10
A10
Sharp HealthCare, San Diego's largest health provider, announced Monday that it has begun The The California-based networking hardware manufacturer' A10 Networks' has confirmed the Play ransomware gang briefly gained access to its IT infrastructure and compromised data.
The company says the security incident occurred on January 23, 2023, and lasted for a few hours before its IT team managed to stop the intrusion and contain the damage.
February 10
Highmark
Highmark stated the information that may have been compromised includes names, enrollment information such as group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, prescription information, dates of birth, email addresses, phone numbers, driver’s license number, passport number, as well as in some cases social security numbers and financial information.
February 10
Regal Medical Group
Regal Medical Group posted that more than 3.3 million individuals may be affected in a databreach, according to a filing with the U.S. Department of Health & Human Services’ Office of Civil Rights. Healthcare organizations are required to report any data breach affecting at least 500 people to the federal government.
February 10
City of Oakland, CA
Sharp HealthCare, San Diego's largest health provider, announced Monday that it has begun The City of Oakland was hit by a ransomware attack on Wednesday night that forced it to take all systems offline until the network is secured and affected services are brought back online.
The attack has not affected core services, with the City saying that 911 dispatch and fire and emergency resources are all working as expected.
February 09
Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code.
After one employee fell victim to the phishing attack, the threat actor was able to breach internal Reddit systems to steal data and source code.
February 08
Wee
The Weee! Asian and Hispanic food delivery service suffered a data breach exposing the personal information of 1.1 million customers.
February 06
Sharp
Sharp HealthCare, San Diego's largest health provider, announced Monday that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com.
February 06
TruthFinder Checkmate
PeopleConnect-owned background check services Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.
February 06
Charlie Hebdo
Late last week, Microsoft’s Digital Threat Analysis Centre attributed the attack to an “Iranian nation-state actor” that it called Neptunium but is otherwise known as Emennet Pasargad.
The group claimed responsibility for the attack under the name Holy Souls, which itself is a new appellation on a popular data breach site. As of 4 January, the group was offering the data for the price of 20 bitcoins and on offer were the names and addresses of 230,000 Charlie Hebdo customers, along with email addresses and financial information.
February 05
Aspire Surgical
UT Specialty Dental Services, PLLC a/k/a Aspire Surgical announced today that it is notifying individuals whose information was involved in a recent cybersecurity incident.
On December 7, 2022, Aspire Surgical discovered a cybersecurity incident that impacted its IT systems.
February 03
Southeast Colorado Hospital District
On December 6, Southeast Colorado Hospital District (“SECHD”) became aware of suspicious activity involving the email account of one SECHD employee. An investigation determined that an unauthorized third party had gained access to the email account at various times between November 23 and December 5.
February 04
LG
LG Uplus said that last month's data breach affected a total of 290,000 users, about 110,000 more than initially suspected.
On January 10, the nation's third-largest wireless carrier disclosed that personal data of 180,000 customers, including their names, birth dates and phone numbers, had been breached.
The company said on its website it found personal data of about 110,000 more customers, who had terminated their subscriptions, was also compromised, reports yonhap news agency.
February 03
Cardiovascular Associates (CVA)
Cardiovascular Associates (CVA) has started informing patients of a data security incident which may have affected some people's personal information. CVA, which has multiple locations in and around Birmingham, released a statement Friday to address the breach which happened near the end of November of last year.
February 03
PeopleConnect / TruthFinder / Instant Checkmate
PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers.
TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will use publicly scraped data, federal, state, and court records, criminal records, social media, and other sources.
January 2023
January 31
Google FI
Google LLC recently informed customers of Google Fi, the company’s mobile virtual network operator service, that their data may have been breached because of “suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data.”
The email to customers did not name who the third party was, referring only to a “primary network provider for Google Fi.” However, it’s not hard to work out who the third party was.
As an MVNO, Google Fi uses other carriers to provide cellphone and data access to its customers. The largest provider of mobile services to Google Fi is T-Mobile USA Inc., which disclosed yet another breach affecting 37 million customers on Jan. 19.
January 27
Running Room Canada
The walking and running retailer says an outside group may have accessed the online personal information of some Running Room customers in Canada over the past several months.
In an email to customers Friday obtained by CTVNews.ca, the company says it “recently identified and addressed” a security incident involving “a subset of user data.”
January 26
Zendesk
Hackers breached Zacks Investment Research (Zacks) company last year and gained access to Reports began to surface about a potential Zendesk data breach. While the company has yet to publicly confirm that it was the target of a cyberattack, some of the company’s customers report receiving emails informing them of a data breach. Based on the currently available information, the incident resulted in an unauthorized party gaining access to certain clients’ account information. After confirming that consumer data was leaked, Zendesk began sending out data breach notification emails to all individuals and businesses that were impacted by the recent data security incident.
January 26
Charter Communications
Telecommunications company Charter Communications said one of its third-party vendors suffered from a security breach after data from the company showed up on a hacking forum.
On Thursday, a forum user posted information allegedly stolen from the company that included names, account numbers, addresses and more for about 550,000 customers.
January 26
Stratford University
Stratford University filed notice of a data breach with the Attorney General of Maine after the institution learned that it was the victim of a ransomware account that compromised confidential student and employee information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ first and last names, phone numbers, addresses, e-mail addresses, dates of birth, student identification numbers, passport numbers, and Social Security numbers. After confirming that consumer data was leaked, Stratford began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
January 26
mscripts, LLC
Based on the company’s official filing with the HHS-OCR, the incident likely resulted in an unauthorized party gaining access to consumers’ protected health information and possibly other sensitive data types. After confirming that consumer data was leaked, mscripts began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
January 26
Diligent Corporation
UCHealth was recently informed by Diligent Corporation, a software company that provides business operations tools for UCHealth and other organizations, that Diligent experienced a security incident that impacted data held by Diligent on its servers. Some of UCHealth’s patient, provider or employee data may have been included in this incident.
January 25
Zacks Investment Research
Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers.
January 25
GoTo
Virtual meetings and desktop-sharing software vendor GoTo has informed customers that backups for five of its product lines were taken by a malicious actor in the November breach of its third-party cloud storage service.
January 24
Insulet
Mass.-based medical device company Insulet issued a notice of a data breach that may have compromised the protected health information of 29,000 users of its recently recalled Omnipod DASH Insulin Management System.
January 23
US Immigration and Customs Enforcement (ICE)
Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement (ICE) officials inadvertently published their personal information online.
Records including names, birth dates, nationalities and detention locations of 6,252 immigrants were posted to an area of ICE's website normally used to report detention statistics last November. Further complicating the issues is the nature of the list - the people on it all said they came to the US fleeing torture and persecution and therefore sought asylum.
January 23
FanDuel
FanDuel, a popular sports betting site, sent an email warning to its customers last night about a data breach incident caused by one of its third-party vendors.
While it didn’t mention who it was, we related that to MailChimp – which disclosed a data breach incident last week, affecting several of its customers. FanDuel asked its users to remain vigilant about potential cyberattacks and change passwords to secure.
January 23
Riot Games
Riot Games, the studio behind League of Legends and Valorant, says a recent security breach may affect its short-term content release schedule. In a tweet on Friday its development systems were compromised in a social engineering attack that occured earlier in the week.
January 21
Rundle Eye Care
At some time before or in early October, the Everest Ransom Team hacked Rundle Eye Care in California. On January 11, Drs. Keith and Herman Rundle notified patients and the California Attorney General’s Office about the incident.
In their notification, the doctors do not reveal precise dates of the attack or its discovery but claim that they recently
detected and stopped a network security incident. An unauthorized third party temporarily gained access to our network environment. Although we have found no evidence that your information has been specifically misused as a result of the incident, an investigation revealed that the following categories of your information which may have been exposed: name, date of birth, and treatment information.
January 21
ODIN Intelligence
detailed tactical plans for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect’s phone. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps and services to police departments, following a hack and defacement of its website over the weekend.
The group behind the breach said in a message left on ODIN’s website that it hacked the company after its founder and chief executive Erik McCauley dismissed a report by Wired, which discovered the company’s flagship app SweepWizard, used by police to coordinate and plan multiagency raids, was insecure and spilling sensitive data about upcoming police operations to the open web.
January 20
PayPal
According to the report released by PayPal, hackers managed to gain unauthorized access to at least 34,942 accounts. The attack was launched between December 6 - 8, 2022. The cybercriminals used a credential-stuffing attack to gain access to these accounts.
January 20
T-Mobile
U.S. wireless network T-Mobile says hackers have stolen data on 37 million customers. It says the breach occurred in late November and was discovered Jan. 5. The company said Thursday in a regulatory filing that the unidentified intruder obtained data, including addresses, phone numbers and dates of birth.
T-Mobile said the exposed data did not include bank account or credit card information, Social Security numbers or other IDs or passwords
January 18
Nissan
Nissan has sent out breach notification letters to thousands of people to inform them of a leak of personal information through a third-party vendor.
The car company said it was notified on June 21 that names, dates of birth, and account numbers for Nissan Motor Acceptance Corporation – an indirect lender that helps people finance or lease Nissan vehicles – were exposed after it provided the customer information to an unnamed third party “for software testing.”
Nissan’s breach notification letter, which was sent to 17,998 people, does not say when the data was exposed nor for how long.
January 18
Mailchimp
Email marketing and newsletter giant Mailchimp says it was hacked and that dozens of customers’ data was exposed. It’s the second time the company was hacked in the past six months. Worse, this breach appears to be almost identical to a previous incident.
The Intuit-owned company said in an unattributed blog post that its security team detected an intruder on January 11 accessing one of its internal tools used by Mailchimp customer support and account administration, though the company did not say for how long the intruder was in its systems, if known. Mailchimp said the hacker targeted its employees and contractors with a social engineering attack, in which someone uses manipulation techniques by phone, email or text to gain private information, like passwords. The hacker then used those compromised employee passwords to gain access to data on 133 Mailchimp accounts, which the company notified of the intrusion.
January 17
Royal Mail
Royal Mail CEO Simon Thompson has confirmed that a cyberattack is to blame for the ongoing disruption at the U.K. postal giant.
The admission comes almost a week after Royal Mail first said it was hit by an unspecified “cyber incident” that left the British mail service unable to dispatch items to overseas destinations.
January 17
Norton
Cybersecurity services provider Norton LifeLock (NYSE:LOCK) has warned its customers of a potential data breach that has compromised the password managers of about 6,450 customers.
This is yet another blow to the password manager eco-system where the popular password manager Lastpass was just recently compromised in late December.
January 15
CircleCi
Software company CircleCi, whose products are popular with developers and software engineers, has confirmed that some customers' data were stolen in a data breach last month.
Although the employee's access was secured with two-factor authentication, the company said that the intruder gained access through a laptop that was infected with malware, reports TechCrunch.
January 15
Taiwan Semiconductor Manufacturing Company's (TSMC)
The Taiwan Semiconductor Manufacturing Company's (TSMC) founder and chairman's personal details were leaked after an airline database was hacked and information posted online. The hack part of efforts by a group to blackmail the company. According to media reports, once the airline contacted the authorities, the details were posted in a forum. China Airlines has confirmed the breach, and it has also outlined that after cross-referencing some of the leaked information with its records, the company found some discrepancies.
January 15
Medibank
The leak of the sensitive data of 9.7 million Medibank customers could cost the insurer upwards of $5 billion in payouts, lawyers behind a major privacy complaint say.
Legal firms Bannister Law Class Actions and Centennial Lawyers have announced they are merging their class-action lawsuits against Medibank with a case already made to the Office of the Australian Information Commissioner (OAIC) by Maurice Blackburn Lawyers.
January 15
ODIN Intelligence
The website for ODIN Intelligence, a company that provides technology and tools for law enforcement and police departments, was defaced on Sunday.
The apparent hack comes days after Wired reported that an app developed by the company, SweepWizard, which allows police to manage and coordinate multi-agency raids, had a significant security vulnerability that exposed personal information of police suspects and sensitive details of upcoming police operations to the open web.
January 14
Community Health Network
Community Health Network announced Saturday that it is notifying patients of a data breach involving one of its affiliates. According to Community, they have no indication that Social Security numbers, account numbers, or credit card information was collected or transmitted during the breach.
January 10
Knox College
Knox College is notifying patients that their personal information, including names, addresses, dates of birth, Social Security numbers, driver's license numbers, and passport numbers may have been stolen and posted on the dark web as part of a recent hack.
January 10
Captify Health
Captify Health, a colonoscopy prep-focused management services company, notified about 244,300 patients that their personal information may have been compromised during a data breach of the company's colonoscopy prep retail site.
January 10
French Social Security Agency CAF, or Family Allowance Fund
More than 10,000 beneficiaries of a local branch of the French social security agency CAF, or Family Allowance Fund, saw their data exposed for about 18 months, after a file containing personal information was sent to a service provider.
The mistake, discovered by France Info — Radio France's news and investigation service — just before the year-end holidays, could hit the CAF hard. The investigation found that the CAF in Gironde (Nouvelle-Aquitaine) sent a file containing sensitive and personal information of 10,204 beneficiaries to a service provider responsible for training the organization's statisticians.
January 9
SAIF Corporation
SAIF Corporation filed notice of a data breach with the Attorney General of Texas after the company experienced what it characterized as a “brief period of unauthorized access” to its computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, driver’s license numbers, financial account numbers, health insurance policy numbers, and medical history information.
January 9
Air France-KLM
Hackers managed to break into Flying Blue, the frequent flyer program used by KLM and Air France. The hackers may have gained access to members’ personal data and travel information. NL Times reviewed a message sent by Flying Blue, which stated, “Our security operations teams have detected suspicious behavior by an unauthorized entity in relation to your account.”
According to the letter, customers’ first and last names may have been accessed by hackers, as well as other private data, including their phone number, email address, and recent transaction history. Data specific to the Flying Blue program may also have been accessed, including the customers’ Flying Blue numbers, their frequent flyer status level, and miles balance.
January 9
Live Oak Surgery Center
Live Oak Surgery Center, a surgery center in Plano, Texas, reported a breach to HHS impacting 5,264 individuals. According to a notice on its website, Live Oak recently discovered suspicious activity within its email environment.
Further investigation revealed that an unauthorized party accessed two employee email accounts between August 10 and September 27, 2022.
January 6
Metropolitan Area EMS Authority
Metropolitan Area EMS Authority, a Texas government administrative agency that does business as MedStar Mobile Healthcare, reported the hacking incident to the U.S. Department of Health and Human Services' Office for Civil Rights on Dec. 19. MedStar, which provides ambulance services in Tarrant County, Texas, reported that on Oct. 20, it experienced "issues" with its network systems.
January 6
The Robins & Morton Group
The Robins & Morton Group (“Robins & Morton”) filed notice of a data breach with the Montana Attorney General after an unauthorized party was able to access files on the company’s computer system containing confidential consumer information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers.
January 6
Wabtec Corporation
Wabtec Corporation posted notice on its website regarding a recent data breach after the company detected unusual activity that was later confirmed to be a malware attack. Based on the company’s notice, the incident resulted in an unauthorized party gaining access to consumers’ full names, Social Security numbers, financial account information, protected health information, criminal histories and more.
January 6
Five Guys Enterprises
Five Guys Enterprises, LLC filed notice of a data breach with the various attorney general offices across the country after learning about a cyberattack that compromised confidential information related to individuals who applied to work for the company. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to job applicants’ full names, Social Security numbers, driver’s license numbers and financial account information.
January 6
Chick-fil-A
American fast-food restaurant chain Chick-fil-A is investigating what it described as "suspicious activity" linked to some of its customers' accounts.
January 3
Howard Memorial Hospital
Arkansas-based Howard Memorial Hospital reported a breach that compromised patients and employee data
January 3
Lake Charles Memorial Health System
In late December, Louisiana-based Lake Charles Memorial Health System (LCMHS) began notifying 269,752 individuals of a healthcare data breach. According to the notice, the breach occurred between October 20 and 21.
January 1
Telekom Malaysia
Bed Bath & Beyond Inc reported a third party had improperly accessed its data through a phishing According to TM, they found that 250,248 Unifi Mobile customers are affected in the data breach that happened, which includes both individual customers as well as small and medium businesses. They add that the type of data leaked involves customer names, phone numbers and emails, and that no other information was breached.
January 1
Toyota Motor's
A data breach at Toyota Motor's Indian business might have exposed some customers' personal information, it said on Sunday.
Toyota India said it has notified the relevant Indian authorities of the data breach at Toyota Kirloskar Motor, a joint venture with Indian conglomerate Kirloskar Group.